{"id":82220,"date":"2016-11-26T20:57:16","date_gmt":"2016-11-27T01:57:16","guid":{"rendered":"http:\/\/rbachnet.wwwmi3-ss40.a2hosted.com\/index.php\/"},"modified":"2021-04-05T17:24:27","modified_gmt":"2021-04-05T21:24:27","slug":"reducing-your-linkedin-risks","status":"publish","type":"post","link":"https:\/\/rbach.net\/index.php\/reducing-your-linkedin-risks\/","title":{"rendered":"Reducing Your LinkedIn Risks"},"content":{"rendered":"

\"Reducing<\/a>Microsoft\u2019s recent purchase of LinkedIn<\/strong> has pushed the struggling ersatz<\/a> professional networking site back into the limelight. There is plenty of speculation why Microsoft<\/a> (MSFT<\/a>) purchased the site for over $2.6 billion. Undoubtedly it has to do with LinkedIn’s<\/a> (LNKD<\/a>) cache of over 430 million online users<\/strong>. Whatever Redmond\u2019s designs are, now is probably a good time to check LinkedIn security to reduce your LinkedIn risks.<\/p>\n

\"LinkedIn<\/a>Attackers<\/strong> have long used social networking as part of their reconnaissance activities<\/strong>. They cull personal information posted on the site to craft targeted attacks<\/strong> that have a higher chance of succeeding. The cyber-criminals rely on the fact that people tend to trust people within their personal network.Their targets are more likely to fall for a spear phishing<\/a><\/strong> email if it appeared to come from a fellow member. The victims would also be more likely to visit a website if a member of their network suggested it.<\/p>\n

LinkedIn risks<\/h3>\n

The fake LinkedIn profiles “significantly increase” the likelihood that these social engineering attacks<\/strong> will work according to research by Dell SecureWorks<\/a>. The SecureWorks article describes<\/a> how attackers use fake LinkedIn profiles<\/strong>. Most of these fake accounts follow a specific pattern<\/strong>:<\/p>\n

    \n
  1. \"LinkedIn<\/a>They bill themselves as recruiters for fake firms<\/strong> or are supposedly self-employed. Under the guise of a recruiter, the attackers have an easy entry point into the networks of real business professionals. Real recruiters already use the service as a way to find potential candidates. LinkedIn users expect to be contacted by recruiters, so this ruse works out in the scammers\u2019 favor.<\/li>\n
  2. They primarily use photos of women pulled from stock image sites<\/strong> or of real professionals. Many of the fake LinkedIn accounts use unoriginal photographs. Their profile photos were found on stock image sites, other LinkedIn profiles, or other social networking sites<\/a>.<\/li>\n
  3. \"\"<\/a>Attackers copy text from profiles of real professionals. <\/strong>They then paste it into their own. The text used in the Summary and Experience sections were usually lifted verbatim, from real professionals on LinkedIn.<\/li>\n
  4. They keyword-stuff their profile<\/strong> for visibility in search results. Fake LinkedIn accounts stuff their profiles with keywords to gain visibility in to specific industries or firms.\u00a0 Northrup Grumman<\/a> and Airbus Group<\/a> are popular.<\/li>\n<\/ol>\n

    The primary goal of these fake LinkedIn accounts is to map out the networks of business professionals. Using these fake LinkedIn accounts, scammers can establish a sense of credibility<\/strong> among professionals to start further connections. The fake network was created to help attackers target victims via social engineering<\/strong>.<\/p>\n

    \"disguise<\/a>In addition to mapping connections, scammers can also scrape contact information<\/strong> from their connections. The attackers collect personal and professional email addresses as well as phone numbers<\/strong>. This information could be used to send spear-phishing emails<\/strong>.<\/p>\n

    <\/b>LinkedIn cyber-thieves use<\/a> TinyZbotmalware (a password stealer, keystroke logger, multifunctional Trojan) and disguise it as a r\u00e9sum\u00e9 application. The Dell researchers advise organizations to educate their users of the specific and general LinkedIn risks in their report:<\/p>\n